package gen.tools.personnel;

import gen.tools.Widgets;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ManipulateGridPersonnel extends HttpServlet {
	private static final long serialVersionUID = 1L;
       
    public ManipulateGridPersonnel() {
        super();
    }

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doPost(request,response);
	}

	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

		
		Widgets wid = new Widgets();
		request.setCharacterEncoding( wid.UIcodeSet );
		response.setContentType("application/text");
		response.setCharacterEncoding( wid.UIcodeSet );
		
		Connection conn = wid.getConn();
		PreparedStatement ps = null;
		ResultSet rs = null;
		
		String strSQL = "";
		String oper = request.getParameter("oper");
		String id = "";
		String result = "";
		final String currentUser = request.getParameter("empId");
		String roleList = request.getParameter("roleList");
		
		try {
			/** 判別需進行何種操作 **/
			if ( "del".equalsIgnoreCase(oper) ) {
				id = request.getParameter("id");
				strSQL = "DELETE FROM emps WHERE empId=?";
				ps = conn.prepareStatement(strSQL);
				ps.setString(1, id);
				ps.execute();
				
				result = "刪除了"+id;
				
			} else if ( "add".equalsIgnoreCase(oper) ) {
				strSQL = "SELECT COUNT(empId) FROM emps WHERE empId=?";
				id = request.getParameter("empId");
				ps = conn.prepareStatement(strSQL);
				ps.setString(1, id);
				rs = ps.executeQuery();
				rs.next();
				if ( rs.getInt(1) == 0 ) {		//測試此ID 是否已存在
					strSQL = "INSERT INTO emps (empId,empName,empEmail,empPhone,empPwd) VALUES (?,?,?,?,?)";
					ps = conn.prepareStatement(strSQL);
					ps.setString(1, id);
					ps.setString(2, request.getParameter("empName"));
					ps.setString(3, request.getParameter("empEmail"));
					ps.setString(4, request.getParameter("empPhone"));
					ps.setString(5, request.getParameter("empPwd"));
					ps.execute();
					
					if ( roleList != null ) {
						String[]  roleArr = roleList.split("(");
						strSQL = "INSERT INTO mproleuser (empId,roleId) VALUES (?,?)";
						ps = conn.prepareStatement(strSQL);
						ps.setString(1, id);
						for (int i=1; i<roleArr.length;i++) {
							ps.setString(2, roleArr[i].substring(0, 1));
							ps.execute();
						}
					}
					
					result = "新增完成 "+id;
				} else {
					result = id+" 已存在 !";		
				}
			} else if ( "edit".equalsIgnoreCase(oper) ) {
				strSQL = "UPDATE emps SET empName=?,empEmail=?,empPhone=?,empPwd=? WHERE empId=?";
				id = request.getParameter("empId");
				ps = conn.prepareStatement(strSQL);
				ps.setString(1, request.getParameter("empName") );
				ps.setString(2, request.getParameter("empEmail"));
				ps.setString(3, request.getParameter("empPhone"));
				ps.setString(4, request.getParameter("empPwd"));
				ps.setString(5, id);
				ps.execute();
				 
				if ( roleList != null ) {
					roleList = roleList.replace("(", "_");
					String[]  roleArr = roleList.split("_");
					strSQL = "DELETE FROM mproleuser WHERE empId=?";
					ps = conn.prepareStatement(strSQL);
					ps.setString(1, id);
					ps.execute();
					strSQL = "INSERT INTO mproleuser (empId,roleId) VALUES (?,?)";
					ps = conn.prepareStatement(strSQL);
					ps.setString(1, id);
					for (int i=1; i<roleArr.length;i++) {
						ps.setString(2, roleArr[i].substring(0, 1));
						ps.execute();
					}
				}
				result = "修改完成 "+id;
				
			}
		} catch (Exception e) {
			result = "異動"+id+"失敗!!\n\n";
			result += wid.errLog(e);
		} finally {
			try {
				if (rs!= null) {rs.close();}
				if (ps!= null) {ps.close();}
				if (conn!= null) {conn.close();}
			} catch (SQLException e) {
				System.out.println(wid.errProcess(e));
			}
		}

		response.getWriter().write(result);		
	}
}
